The user's keyword might be interpreted as "MikroTik backup patched" meaning that a backup feature has been patched. Maybe there is a known issue where backups could be decrypted or modified. I recall a vulnerability where a backup could be used to enable devel mode. That might have been patched. Let's search for "MikroTik backup devel mode patch". seem to be unofficial patches, not relevant.
Important: Go to and click Upgrade to update the firmware, then reboot. Secure Management Services: mikrotik backup patched
An automated scanner finds the file, extracts test:test123 , and logs into the current PPPoE server. The test account is still active (forgotten). The attacker now has a foothold and pivots to brute-force admin credentials via PPPoE active sessions. The user's keyword might be interpreted as "MikroTik
Never generate a backup without a password. That might have been patched
/user admin /export file=backup_config
If your routers are running current, stable versions of RouterOS, the backup system is structurally secure against these historical exploits. However, security is an ongoing process. Regularly auditing your device configurations, using complex backup passwords, and blocking public access to management ports will keep your network safe from future variants of these attacks.